The present invention, in some embodiments thereof, relates to an authentication system, and more specifically, but not exclusively, to a system for continuous authentication and authorization.
As used herein, the term “computer-controlled system” means a system having computer-controlled access control and the term “computer-controlled object” means an object having computer-controlled access control.
There may be a need to restrict access to a restricted resource such as a computer-controlled system or a digital artefact, for example a software program, a document file, or a video file or other media file, and allow access only from within one or more secure locations, even for persons authorized to access the computer-controlled system or digital artefact. For example, access may be limited to one or more rooms within the premises of an enterprise. Other examples of a secure location are a deal room, a war room and a safe room in a bank. Commonly used methods include restricting access to a predefined Local Area Network (LAN), identified by an Internet Protocol (IP) address range of the LAN.
In addition to initial authentication and authorization, there may be a need to continuously verify that a person accessing a restricted resource is in the secure location for as long as the restricted resource is accessed.
Digital combination locks are a commonly used way of controlling access to a location, an object or a digital artefact. For example, screen locking of a mobile device may comprise a digital combination lock. A typical digital combination lock comprises a code sequence. Some code sequences comprise a plurality of alphanumeric characters, for example a password and a Personal Identification Number (PIN); some other code sequences comprise a plurality of gestures, for example a pattern lock on a mobile device. In some cases, a code sequence for unlocking a digital combination lock is personal, that is, a certain user is associated with a certain code sequence.